Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

For the third successive month, Microsofts Internet Explorer browser has been updated to correct security holes that could put millions of Web surfers at risk of code execution attacks.

The cumulative IE update headlines the August release of six security bulletins from the software maker to cover eight vulnerabilities in its flagship Windows operating system. Three of the six bulletins are rated "critical," the companys highest severity rating.

According to the MS05-038 bulletin, three separate remote code execution flaws are addressed in the worlds most widely used browser.

First up is a vulnerability in the way IE handles JPEG images. An attacker could exploit the vulnerability by creating a malicious JPEG image and luring a Web surfer to view the image.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," the company warned, adding that the malicious image could also be distributed via e-mail.

The bulletin also includes patches for a cross-domain flaw in IE that could lead to system takeover and information disclosure attacks. A malicious hacker could build a Web page and launch a successful attack by getting an IE user to visit the page. However, significant user interaction and social engineering are required to exploit this vulnerability, Microsoft Corp. said.

A third remote code execution bug was found in the way the browser instantiates COM Objects that are not intended to be used in Internet Explorer. This flaw could also be exploited by an attacker to take "complete control" of an unpatched system, Microsoft warned.

According to Oliver Friedrichs, senior manager at Symantec Corp.s Security Response, the IE update should be treated as a high-priority patch. "The potential for graphical image-based exploits is especially concerning as it affects multiple applications and requires no user interaction," Friedrichs said, warning that the flaws can be exploited to install spyware, Trojan horses and bots to steal confidential data.

Microsoft also shipped the MS05-039 bulletin with patches for an unchecked buffer in the Windows Plug and Play service. The vulnerability, which carries a "critical" rating, could allow remote code execution and local privilege escalation attacks.

Plug and Play, or PnP, is a feature that allows the operating system to detect new hardware installed on a system. For example, when a user installs a new mouse on a PC, PnP allows Windows to detect it and load the needed drivers.

A third "critical" bulletin, MS05-043, was also released to address a "wormable" flaw in the Windows Print Spooler Service.

The bug is described as an unchecked buffer that could let an attacker take control of a vulnerable machine to install programs; view, change or delete data; or create new accounts with full user rights. However, Microsoft said it believes most attempts to exploit this vulnerability would most likely result in a denial-of-service condition.

The Print Spooler service, or Spoolsv.exe, is an executable file that is installed as a service and loaded when the operating system starts. The file runs until the operating system is shut down and is used to manage the printing process, which includes such tasks as retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job and scheduling print jobs.

As expected, the August patch batch also includes a fix for a known denial-of-service vulnerability in RDP (Remote Desktop Services), a feature that allows XP users to remotely control computers from another office, from home or while traveling.

Moments after Microsoft issued its patches for the RDP flaw, the research company credited with reporting it released a proof-of-concept exploit to show how a specially crafted RDP packet could crash an unpatched system.

"The reason I released the [proof of concept] is so that other researchers like myself can check out the bug, and maybe there is possibly a variant of this flaw that can be exploited," said Tom Ferris, a researcher at Security-Protocols.com.

Microsoft typically frowns on the release of exploit code so soon after a patch is available, but Ferris told Ziff Davis Internet News that the publication of the exploit is more helpful than harmful.

"I believe that Microsoft will frown on everything that puts a negative spin on their products," he said.

The August bulletins also include:

MS05-040: Patches for an "important" remote code execution flaw in the way Windows uses the TAPI (Telephony Application Programming Interface). The API is used to integrate telecommunications with the operating system and supports both traditional and IP telephony to provide voice, data and video communication. Affected software and operating systems include Windows 2000, Windows XP, Windows Server 2003, Windows 98 and Windows Millennium Edition.

MS05-042: Fixes for a moderately critical vulnerability in Kerberos that could allow denial-of-service, information disclosure and spoofing attacks. The flaw could allow an attacker to send a specially crafted message to a Windows domain controller to crash the service responsible for authenticating users in an Active Directory domain.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.